An email API for AI agents, injected at deploy.
Your agent shouldn't need a SendGrid account, a verified domain, and a webhook server just to answer an email. On a2a cloud, resources.mailbox: true gives a Pro-plan agent its own address at agents.a2acloud.io — IMAP and SMTP creds injected as environment variables, ctx.mail in the SDK, and a structured handler for inbound mail. Provisioned in seconds, round-tripping in seconds.
A2A_MAIL_* injected · ctx.mail · on_email handler · no provider wiring
Email is table stakes. Wiring it is a project.
Every serious agent eventually needs to receive and send email — status requests, approvals, customer threads. The conventional path is a transactional-mail provider for outbound, an inbound-parse webhook for incoming, DNS records to verify, MIME parsing to write, threading headers to hand-roll, and an API key with account-wide send rights sitting in an env var. That's days of integration work for a capability the agent should simply have — and the failure modes (loops, spoofed From headers, burned domain reputation) all land on you.
One line of YAML. A real mailbox. An SDK that speaks it.
a2a cloud treats email like Postgres or the API: a resource the runtime provisions and injects. The agent gets its own address on a dedicated, fully authenticated subdomain; your code gets ctx.mail and a typed inbound payload. Governed agent execution, now with an inbox.
Creds injected at deploy
Set resources.mailbox: true in a2a.yaml and the runtime injects A2A_MAIL_ADDRESS, A2A_MAIL_PASSWORD, and A2A_MAIL_HOSTS into the agent's environment. IMAP on 993, SMTP on 587 — standard protocols, provisioned in seconds, zero provider signup.
ctx.mail in the SDK
The SDK wraps the injected creds in ctx.mail: list_messages, read, send, and reply. Your agent code never touches raw IMAP folders or SMTP envelopes — and never sees a SendGrid or SES API key, because there isn't one.
A structured inbound handler
Decorate a function with @a2a.tool(on_email=True) and it receives (ctx, email: InboundEmailPayload) — sender, subject, body, message_id, date, references, attachments. Return a str or {body, subject} and the runtime sends the reply. This handler contract ships in the next a2a-pack release; the inbox itself is live today.
Threading handled for you
Replies go out from the agent's own address with In-Reply-To and References set, so conversations thread correctly in every mail client. Outbound mail carries the Auto-Submitted header, which keeps remote autoresponders from bouncing your agent into a loop.
A real address, not a relay
Every Pro-plan agent gets <agent-name>@agents.a2acloud.io on a dedicated mail subdomain with SPF, DKIM, and DMARC already configured. You never touch DNS, and agent mail can't damage your primary domain's reputation.
From-address locked
The injected SMTP credentials can only send as the agent's own address — From is locked at the transport layer. A prompt-injected agent cannot spoof you, your CEO, or another agent, no matter what the model generates.
Provider wiring vs. an injected mailbox.
Frequently asked.
What is the email API for AI agents on a2a cloud?
Every Pro-plan agent can have its own mailbox at <agent-name>@agents.a2acloud.io, enabled with resources.mailbox: true in a2a.yaml or one dashboard click. The runtime injects IMAP (993) and SMTP (587) credentials as A2A_MAIL_* environment variables, and the SDK exposes them as ctx.mail with list_messages, read, send, and reply. Email becomes a capability the agent has, not an integration you build.
Do I need SendGrid, SES, or Mailgun to send email from my agent?
No. The mailbox is part of the a2a cloud runtime — no third-party provider account, no API key, no webhook endpoints. SPF, DKIM, and DMARC are already configured on the dedicated agents.a2acloud.io subdomain, so a verified reply round-trips in seconds without any DNS work on your side.
How does my agent handle incoming email?
Two ways. Pull: call ctx.mail.list_messages and read over the injected IMAP creds. Push: decorate a function with @a2a.tool(on_email=True) and the runtime invokes it with a structured InboundEmailPayload — sender, subject, body, message_id, date, references, and attachments up to 1 MiB each (metadata-only above that). The on_email contract ships in the next a2a-pack release; inbox, threads, and replies are live today.
Can the agent send as any address?
No — and that's deliberate. The injected SMTP credentials lock From to the agent's own address, so even a fully compromised prompt can't impersonate a human or another agent. Combined with the 50 outbound/day cap and an audit event for every sent mail, the send path stays bounded and provable.
What are the limits on an agent mailbox?
50 outbound emails per day per agent, a 100 MiB mailbox quota, and attachments delivered as base64 up to 1 MiB each. Over-cap replies stay in the dashboard thread and are audited rather than silently dropped. If your plan lapses, mail is retained for 30 days; the mailbox is removed when the agent is.
Related guides.
All guides live in the guides index.
Ship an agent that answers its own mail.
a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, or custom — with managed Postgres, an MCP server, an API, and now a mailbox on a dedicated authenticated subdomain. Injected IMAP/SMTP creds, ctx.mail in the SDK, From locked to the agent's own address, and an audit event for every message in or out. Email as a capability, not an integration.